350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 121:

    An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

    A. Modify the alert rule to "output alert_syslog: output log"
    B. Modify the output module rule to "output alert_quick: output filename"
    C. Modify the alert rule to "output alert_syslog: output header"
    D. Modify the output module rule to "output alert_fast: output filename"

  • Question 122:

    Refer to the exhibit. A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?

    A. packet sniffer
    B. malware analysis
    C. SIEM
    D. firewall manager

  • Question 123:

    An engineer received multiple reports from users trying to access a company website and instead of landing on the website, they are redirected to a malicious website that asks them to fill in sensitive personal data. Which type of attack is occurring?

    A. Address Resolution Protocol poisoning
    B. session hijacking attack
    C. teardrop attack
    D. Domain Name System poisoning

  • Question 124:

    Refer to the exhibit. Which two steps mitigate attacks on the webserver from the Internet? (Choose two.)

    A. Create an ACL on the firewall to allow only TLS 1.3
    B. Implement a proxy server in the DMZ network
    C. Create an ACL on the firewall to allow only external connections
    D. Move the webserver to the internal network

  • Question 125:

    Refer to the exhibit. Which asset has the highest risk value?

    A. servers
    B. website
    C. payment process
    D. secretary workstation

  • Question 126:

    What is idempotence?

    A. the assurance of system uniformity throughout the whole delivery process
    B. the ability to recover from failures while keeping critical services running
    C. the necessity of setting maintenance of individual deployment environments
    D. the ability to set the target environment configuration regardless of the starting state

  • Question 127:

    An API developer is improving an application code to prevent DDoS attacks. The solution needs to accommodate instances of a large number of API requests coming for legitimate purposes from trustworthy services. Which solution should be implemented?

    A. Restrict the number of requests based on a calculation of daily averages. If the limit is exceeded, temporarily block access from the IP address and return a 402 HTTP error code.
    B. Implement REST API Security Essentials solution to automatically mitigate limit exhaustion. If the limit is exceeded, temporarily block access from the service and return a 409 HTTP error code.
    C. Increase a limit of replies in a given interval for each API. If the limit is exceeded, block access from the API key permanently and return a 450 HTTP error code.
    D. Apply a limit to the number of requests in a given time interval for each API. If the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code.

  • Question 128:

    A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS. Which type of cloud environment should be used?

    A. IaaS
    B. PaaS
    C. DaaS
    D. SaaS

  • Question 129:

    Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?

    A. customer data
    B. internal database
    C. internal cloud
    D. Internet

  • Question 130:

    Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server.

    How should the Snort rule be modified to improve performance?

    A. Block list of internal IPs from the rule
    B. Change the rule content match to case sensitive
    C. Set the rule to track the source IP
    D. Tune the count and seconds threshold of the rule

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.